How to get Traefik to not redirect to https on intranet only

Hi all,

I have Traefik working great for my external-facing services with Authelia.

However, I have some local redirection that I want to do for services that I don't want accessed externally, but want accessed locally with no auth and no redirect to https for .lan domains.

I'm not interested in issuing my own SSL certs for my LAN at the moment; that will be in the future. I am interested in being on my own network, typing in http://chronograf.lan, and having it take me to 192.168.0.125:8888.

I already do this with Pi-hole + my Synology's built-in reverse proxy, but it's been acting up and I would rather not debug it, since the Synology has always been kind of temperamental, and I want a setup that is reproducible, which Synology is not.

Here are things I've tried:

This gives me a gateway timeout but at least doesn't send me to https.

<docker-compose.yaml>

    labels:
      - "traefik.enable=true"
      ## HTTP Routers Auth
      - "traefik.http.routers.chronograf-rtr.entrypoints=http"
      - "traefik.http.routers.chronograf-rtr.rule=Host(`chronograf.lan`)"
      - "traefik.http.routers.chronograf-rtr.priority=99"
      ## Middlewares
      - "traefik.http.routers.chronograf-rtr.middlewares=chain-no-auth-local@file"
      ## HTTP Services
      - "traefik.http.routers.chronograf-rtr.service=chronograf-svc"
      - "traefik.http.services.chronograf-svc.loadbalancer.server.port=8888"

<rules/middleware-chains.yaml>

    http:
      middlewares:
        chain-no-auth-local:
          chain:
            middlewares:
              - middlewares-rate-limit

This redirects to https with the default cert and then gives me a 404 not found.

<rules/app-local.yaml>

    http:
      routers:
        chronograf-rtr:
          rule: "Host(`chronograf.lan`)"
          entryPoints:
            - http
          service: chronograf-svc
      services:
        chronograf-svc:
          loadBalancer:
            servers:
                - url: "http://192.168.0.125:8888"

I also tried adding this to my Traefik docker compose to prevent routing to https on `*.lan` domains, but this also leads to a gateway timeout.

      - "traefik.http.routers.http-local.entrypoints=http"
      - "traefik.http.routers.http-local.rule=HostRegexp(`{.+.lan}`)"
      - "traefik.http.routers.http-local.priority=100"

What am I missing?

If I look in the Traefik dashboard, the chronograf-svc is pointing to the right place, but I'm still getting gateway errors and 404s.

Any ideas?

These are the labels on my Traefik container:

    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-local.entrypoints=http"
      - "traefik.http.routers.http-local.rule=HostRegexp(`{.+.lan}`)"
      - "traefik.http.routers.http-local.priority=100"

      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr-1.entrypoints=https"
      - "traefik.http.routers.traefik-rtr-1.rule=Host(`traefik.$DOMAIN1`)"
      - "traefik.http.routers.traefik-rtr-1.tls=true"
        #- "traefik.http.routers.traefik-rtr-1.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr-1.tls.domains[0].main=$DOMAIN1"
      - "traefik.http.routers.traefik-rtr-1.tls.domains[0].sans=*.$DOMAIN1"
      - "traefik.http.routers.traefik-rtr-1.tls.domains[1].main=$DOMAIN2"
      - "traefik.http.routers.traefik-rtr-1.tls.domains[1].sans=*.$DOMAIN2"
      ## Services - API
      - "traefik.http.routers.traefik-rtr-1.service=api@internal"
      ## Middlewares
      - "traefik.http.routers.traefik-rtr-1.middlewares=chain-authelia@file"